1. Prelude

The build of a fully automated CI/CD pipeline is divided into three documents, and this is the first of the three. It focuses only on the basic pipeline and deployment. The project itself is based on someone else's work, so it lacks the full understanding, customization and automation required. However, it serves as a guideline for the second document, which will be based solely on a self-developed project and work toward understanding the rest. The last one will be the starting point for a production-level workflow.

2. Setup

The following must be installed or set up before starting the tutorial. The instructions here are written specifically for macOS users.

  1. VirtualBox pre-installed (v. 6.1)
  2. Docker registry account created, with one empty repository (Docker Hub)

3. Install Minikube and Kubectl

Minikube is a single node local Kubernetes distribution.

First, install the latest stable minikube release on x86-64 macOS using the binary download:

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-darwin-amd64

sudo install minikube-darwin-amd64 /usr/local/bin/minikube

To initialize a Minikube cluster:

minikube start --container-runtime=containerd --driver=virtualbox

By default the cluster will occupy 2 CPUs, 2GB of free memory and 20GB of free disk space.

3.1 Install kubectl

  1. Download the latest release:
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl"
  2. Make the kubectl binary executable.
chmod +x ./kubectl
  3. Move the kubectl binary to a file location on your system PATH.
sudo mv ./kubectl /usr/local/bin/kubectl
sudo chown root: /usr/local/bin/kubectl

Note: Make sure /usr/local/bin is in your PATH environment variable.

  4. Test to ensure the version you installed is up-to-date:
kubectl version --client
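
The downloads above are installed with sudo without any integrity check. The following is an added example, not part of the original tutorial, that compares a downloaded binary against its published SHA-256 digest before it is installed. The function names sha256_of and verify_sha256 are assumptions; Kubernetes publishes a kubectl.sha256 file next to each release binary.

```bash
#!/usr/bin/env bash
# Added example: refuse to install a downloaded binary unless its SHA-256
# matches the published digest.

# Print the SHA-256 hex digest of a file, using whichever tool is present
# (shasum ships with macOS, sha256sum with most Linux distributions).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE DIGEST_FILE
# DIGEST_FILE holds the expected hex digest, optionally followed by a file
# name as in sha256sum output. Returns 0 on a match, 1 on a mismatch and
# 2 when an input is missing or the digest file is malformed.
verify_sha256() {
  local file digest_file expected actual
  file=$1
  digest_file=$2
  [ -f "$file" ] && [ -f "$digest_file" ] || { echo "missing input" >&2; return 2; }
  expected=$(awk 'NR==1 {print tolower($1)}' "$digest_file")
  # Reject anything that is not exactly 64 hex characters, for example an
  # HTML error page saved in place of the digest.
  case $expected in
    *[!0-9a-f]*|"") echo "malformed digest in $digest_file" >&2; return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "malformed digest in $digest_file" >&2; return 2; }
  actual=$(sha256_of "$file")
  if [ "$actual" = "$expected" ]; then
    echo "OK: $file"
  else
    echo "MISMATCH: $file (expected $expected, got $actual)" >&2
    return 1
  fi
}

# Usage with the kubectl download from step 1 (needs network access):
#   curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl.sha256"
#   verify_sha256 kubectl kubectl.sha256 && chmod +x ./kubectl
```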

4. Github Repository setup and Docker Registry

  1. Download the resource to your local machine (preferably into your home directory, renamed to tekton_resource).

  2. Then create two new private GitHub repositories (one for coffee-testing/ [application purpose] and the other for tekton-argocd/ [GitOps purpose]).

  3. Push the local directories (coffee-testing/ and tekton-argocd/) to GitHub using HTTPS. Note that GitHub recently changed remote connections to use a personal access token instead of your user password. To generate a personal access token, go to your account Settings -> Developer settings -> Personal access tokens -> Generate new token -> fill in the note and select all boxes -> Generate token.

This token will be your password when you connect to a GitHub repo using HTTPS.

4.1 Generate SSH public keys and private keys

Here we need to generate two public/private key pairs, one for the application repository and one for the GitOps repository.

  cd ~/tekton_resource
  ssh-keygen -t rsa -b 4096
  # Enter file in which to save the key: tekton
  # Enter passphrase: [press Enter/return]
  ssh-keygen -t rsa -b 4096
  # Enter file in which to save the key: gitops
  # Enter passphrase: [press Enter/return]
  cat tekton | base64
  # copy the encoded version of the private key and paste it under data.ssh-privatekey of the tekton-git-ssh-secret.yaml
  cat gitops | base64
  # copy the encoded version of the private key and paste it under data.ssh-privatekey of the tekton-gitops.yaml

Go to both of your GitHub repositories. Under Settings -> Deploy keys, choose Add deploy key. Give it a title (the name does not matter), then copy the contents of tekton.pub and gitops.pub and paste them into the Key field of the respective repository. Remember to tick Allow write access, then click Add key.

To copy a public key to your clipboard, you can use the following command:

  pbcopy < [public key]

4.2 Generate secret for docker hub

Again, you need to have created a Docker Hub account with a repository and be logged in before doing anything below.

kubectl create secret docker-registry regsecret --docker-server=https://index.docker.io/v1/ --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>

You can save a copy with:

kubectl get secret regsecret --output=yaml > regsecret.yaml
# remove metadata.creationTimestamp, metadata.namespace, metadata.resourceVersion, metadata.uid
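
Sections 4.1 and 4.2 leave private keys, base64-encoded keys inside Secret manifests, and registry credentials as files under ~/tekton_resource, next to the directories that are pushed to GitHub. The following is an added example, not part of the original tutorial, that lists such files so they can be kept out of a commit. The function name scan_for_secrets is an assumption.

```bash
#!/usr/bin/env bash
# Added example: list files under a directory that carry credential
# material of the kinds this tutorial produces.

# scan_for_secrets DIR
# Prints "<reason>: <path>" for each finding. Returns 1 if anything was
# found and 0 if the tree is clean. The .git directory is skipped.
scan_for_secrets() {
  local dir found path
  dir=$1
  found=0
  while IFS= read -r path; do
    [ -f "$path" ] || continue
    # PEM or OpenSSH private key stored as-is (for example the tekton file).
    if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$path"; then
      echo "private-key: $path"; found=1
    # base64 of "-----BEGIN" always starts with LS0tLS1CRUdJTi, so a key
    # pasted under data.ssh-privatekey is still recognisable.
    elif grep -q 'LS0tLS1CRUdJTi' "$path"; then
      echo "base64-private-key: $path"; found=1
    # Registry credentials saved by `kubectl get secret ... --output=yaml`.
    elif grep -q '\.dockerconfigjson' "$path"; then
      echo "docker-registry-secret: $path"; found=1
    fi
  done <<EOF
$(find "$dir" -type f ! -path '*/.git/*')
EOF
  [ "$found" -eq 0 ]
}

# Usage: run against a repository directory before pushing, for example
#   scan_for_secrets ~/tekton_resource/tekton-argocd || echo "do not push"
```

base64 is an encoding, not encryption: anyone who can read a manifest containing data.ssh-privatekey can recover the deploy key, which is why the encoded form is flagged as well.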

5. Install Tekton

To install the core component of Tekton, Tekton pipeline:

kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml

This will also set up a namespace, tekton-pipelines. We make it the current namespace by running:

kubectl config set-context --current --namespace=tekton-pipelines

To run a CI/CD workflow, we need to provide Tekton a Persistent Volume for storage purposes.

kubectl apply -f pv_1.yaml

The following will ask Tekton to request a Persistent Volume of 7Gi with the manual storage class when running a workflow:

kubectl create configmap config-artifact-pvc \
                         --from-literal=size=7Gi \
                         --from-literal=storageClassName=standard \
                         -o yaml -n tekton-pipelines \
                         --dry-run=client | kubectl replace -f -

5.1 Install tekton dashboard

To install the dashboard:

kubectl apply --filename https://github.com/tektoncd/dashboard/releases/latest/download/tekton-dashboard-release.yaml

To run the dashboard:

kubectl --namespace tekton-pipelines port-forward svc/tekton-dashboard 9097:9097

Now you can access the dashboard at http://localhost:9097

6. Install Argocd

kubectl create namespace argocd

kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml

7. Apply Secret

Apply the secret YAML files created earlier to Kubernetes:

kubectl apply -f tekton-git-ssh-secret.yaml

kubectl apply -f tekton-gitops.yaml

kubectl apply -n tekton-pipelines -f regsecret.yaml

Set up the service account, which provides an identity for processes that run in pods:

cd ~/tekton_resource/tekton-argocd/tekton
kubectl apply -f serviceaccount.yaml

Set up the Argo CD environment:

cd ~/tekton_resource/tekton-argocd
kubectl apply -f argocd/

Note: first change spec.source.repoURL in argocd/argocd-app-systemtest.yaml to your GitOps repository SSH URL.

Then apply the registry secret to the systemtest environment:

cd ~/tekton_resource
kubectl apply -n systemtest -f regsecret.yaml

7.1 Setting for argocd dashboard

First connect to the Argo CD server; you can then access the dashboard at https://localhost:8081

kubectl -n argocd port-forward svc/argocd-server 8081:80

The default username and password for login are as follows:

Username: admin
Password: <kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d>

7.2 Connect tekton with argocd

First go to /settings/accounts/tekton in the dashboard.

Then click generate new token. On the command line, put the token string in place of <token> in the following command:

kubectl create secret -n tekton-pipelines generic argocd-env-secret '--from-literal=ARGOCD_AUTH_TOKEN=<token>'

7.3 Connect GitOp repository to argocd

Commit any changes to GitHub before continuing.

  1. Go to /Settings/Repositories.
  2. Click Connect Repo using SSH.

Fill in the following:

Repository URL: <<git@github.com:/Ninox-RD/GitOp>> # your gitop ssh url
ssh-private key: <<gitops>> # your gitops private key

7.4 Install Istio and setup

It is not required to understand the settings below; they are used only by this specific project.

cd ~/tekton_resource
curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.12.0 sh -
istio-1.12.0/bin/istioctl install --set profile=demo -y

8. Task and Pipeline setup

cd ~/tekton_resource/tekton-argocd
  1. Apply the individual tasks to Tekton
kubectl apply -f pipeline/task-build-push.yaml

kubectl apply -f pipeline/task-deploy.yaml

kubectl apply -f pipeline/task-run-smoketest.yaml

kubectl apply -f pipeline/task-run-st.yaml
  2. Apply the pipeline to Tekton
kubectl apply -f pipeline/pipeline.yaml

Now change the buildRevision, appGitUrl, configGitURL and appImage values under spec.params in pipelinerun/pipelinerun.yml.

To find commit number:

  3. Run the pipeline
kubectl create -f pipelinerun/pipelinerun.yml

Note that the end result will have errors at the last step of task-run-st. This is intended, since I do not want to sort out application errors and instead focus on the pipeline setup.

The next document will use a different example, focus on the completeness of the automation pipeline, and give more visibility into the actual running application.